There is a vulnerability in Sun Solaris that could allow local users to cause a denial of service when the Basic Security Module (BSM) is configured to perform auditing of specific audit classes.
Sun Microsystems describes the Basic Security Module (BSM) as a "security auditing subsystem and a device allocation mechanism that provides the required object reuse characteristics for removable or assignable devices." There is a vulnerability in Sun Solaris systems with BSM enabled that could allow local users to cause a system panic.
According to the Sun Security Alert:
Local unprivileged users may be able to panic Solaris systems with Basic Security Module (BSM) enabled causing a Denial of Service (DoS). This issue can only occur on systems where BSM has been configured to audit the Administrative audit class "ad" or the System-Wide Administration audit class "as".
A local unprivileged user could cause a denial-of-service condition.
Sun has issued an advisory which addresses this issue. For more information on patches available for your system, please refer to Sun Security Alert: 57497.
Vendor| Status| Date Notified| Date Updated
Sun Microsystems Inc.| | -| 28 Jun 2004
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
This vulnerability was reported by Sun Microsystems Inc.
This document was written by Damon Morda.